Malicious insiders considered the most damaging threat vector for organizations

The importance of managing internal threats to win at cyber security has been emphasised in a study by Haystax Technology and SANS which found that 40% of respondents to their survey rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced.

Furthermore, Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey revealed that nearly half (49%) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

"We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it," said Haystax CEO, Bryan Ware. "Existing tools aren't smart enough, or don't have the context needed to identify malicious insiders. What's needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers."

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders. A third of survey respondents (34%) have these tools and technology, but have not used them operationally and more than a third (38%) of survey respondents are in the process of re-evaluating internally to better identifying malicious insiders.

"It is misleading to see that 60% of respondents said they had not experienced an insider attack," said SANS instructor and survey report author, Eric Cole, PhD. "The rest of our data indicates that organizations still are not effective at detecting insider threats, so it's clear that most either didn't notice threats or attacks, or didn't realize those incidents involved malicious insiders, or outsiders using compromised insider credentials."

Related / News

With phishing and social engineering maintaining their position as the top driver of cyber disruptions, there is a need for a stronger cyber resilience culture across organizations, and a focus on the human aspects of the threat.
This is one of the key findings of the ​Cyber Resilience Report, published today by the ​Business Continuity Institute.

Cyber attack is once again the top threat perceived by businesses, according to the latest ​Horizon Scan Report, published by the Business Continuity Institute (BCI) in association with BSI (British Standards Institution).